Highlights:
- Volcano Demon employs double extortion: once the operators have access to a victim's systems, they both steal the data and encrypt it, then use the threat of publication as leverage.
- Most of Volcano Demon's operations look like those of any brand-new ransomware group; what happens after the encryption is where it becomes interesting.
A ransomware group tracked as Volcano Demon is phoning its victims to pressure them into paying, according to a recent report from the cybersecurity startup Halcyon Tech Inc.
The group is said to have been active during the final two weeks of June and has already carried out multiple attacks. Volcano Demon has been observed deploying a ransomware variant called LukaLocker, which appends the .nba extension to the files it encrypts.
Halcyon researchers found that the group uses a range of attack tools, including a Linux variant of LukaLocker. Using shared administrator credentials harvested from the victim's network, the attackers were able to lock both Windows workstations and servers.
Volcano Demon employs double extortion: once the operators have access to the victim's systems, they both steal the data and encrypt it. The gang then demands payment in exchange for a promise that the stolen data will not be sold or published, warning victims that the damage to the company's reputation will be far greater if the material is leaked.
Up to this point, Volcano Demon's operations look like those of any brand-new ransomware group; what follows is where things get interesting. Unlike its peers, Volcano Demon does not run a dark web leak site. Instead it relies on a more traditional and direct method of pressuring victims: it phones them, repeatedly.
In the two cases Halcyon observed, the operators called executives in charge of IT and senior leadership to threaten them and negotiate over the payment. The calls came from unidentified caller ID numbers and were, at times, threatening in tone.
Although Halcyon has seen only two Volcano Demon cases so far, there are probably more unreported victims, and the full scope of the group's activity is not yet known.
Halcyon researchers stress that solid logging and monitoring are essential for identifying and responding to ransomware attacks, and for reducing the risk posed by Volcano Demon in particular.
To limit the impact of ransomware, organizations should assess their security posture, ensure that administrator credentials are stored securely (and not shared across systems, which is what let this group reach workstations and servers alike), and maintain thorough backup and recovery plans. Regular system audits and up-to-date antivirus and endpoint protection are also essential for detecting and preventing ransomware attacks early.
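Two of the behaviours reported above are directly observable in logs: one administrator credential being used to reach many machines in a short time, and a burst of files gaining the .nba extension on a host. The following Python script is an added example written for this page, not Halcyon's tooling or anything recovered from the group; the log records, host names, account names, window sizes and alert thresholds are all constructed or assumed for illustration.

```python
"""Detection logic for two Volcano Demon behaviours: reuse of a shared admin
credential across many hosts, and mass renaming of files to .nba.
All log data below is constructed for this example."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security 4624 events (logon type 3 = network),
# flattened to "timestamp,account,logon_type,source_ip,target_host".
# One account fans out to six machines in under a minute; a normal user does not.
LOGON_LOG = """\
2024-06-20T01:00:05,CORP\\svc_backup,3,10.0.5.17,FS01
2024-06-20T01:00:09,CORP\\svc_backup,3,10.0.5.17,FS02
2024-06-20T01:00:14,CORP\\svc_backup,3,10.0.5.17,WS-HR-04
2024-06-20T01:00:21,CORP\\svc_backup,3,10.0.5.17,WS-FIN-11
2024-06-20T01:00:30,CORP\\svc_backup,3,10.0.5.17,SQL01
2024-06-20T01:00:44,CORP\\svc_backup,3,10.0.5.17,DC02
2024-06-20T01:30:00,CORP\\jdoe,3,10.0.7.40,FS01
2024-06-20T08:15:00,CORP\\jdoe,3,10.0.7.40,PRINT01
"""

# Constructed sample of file-creation records (e.g. from EDR or Sysmon event 11),
# flattened to "timestamp,host,path". A lone .nba file on a workstation is noise.
FILE_LOG = """\
2024-06-20T01:02:00,FS01,D:\\shares\\finance\\q2.xlsx.nba
2024-06-20T01:02:01,FS01,D:\\shares\\finance\\budget.docx.nba
2024-06-20T01:02:01,FS01,D:\\shares\\finance\\payroll.csv.nba
2024-06-20T01:02:02,FS01,D:\\shares\\hr\\contracts.pdf.nba
2024-06-20T01:02:03,FS01,D:\\shares\\hr\\README.txt
2024-06-20T01:02:03,FS01,D:\\shares\\hr\\onboarding.pptx.nba
2024-06-20T01:02:04,FS01,D:\\shares\\hr\\benefits.docx.nba
2024-06-20T09:00:00,WS-HR-04,C:\\Users\\jdoe\\stats.nba
"""


def parse_csv_log(text, fields):
    """Parse the flattened log into dicts; the first field is an ISO timestamp.
    The last field is split with maxsplit so paths containing commas survive."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = dict(zip(fields, line.split(",", len(fields) - 1)))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records


def detect_credential_reuse(logons, window=timedelta(minutes=10), min_hosts=5):
    """Flag accounts that perform network logons to at least `min_hosts`
    distinct hosts within `window`: the footprint a shared admin credential
    leaves when it is used to lock many machines. Thresholds are assumptions."""
    per_account = defaultdict(list)
    for r in logons:
        if r["logon_type"] == "3":
            per_account[r["account"]].append((r["ts"], r["target_host"]))
    flagged = {}
    for account, events in per_account.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            hosts = {h for ts, h in events[i:] if ts - start <= window}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= min_hosts:
            flagged[account] = sorted(best)
    return flagged


def detect_mass_rename(file_events, ext=".nba", window=timedelta(minutes=1), min_files=5):
    """Flag hosts where at least `min_files` files gain `ext` within `window`.
    A sliding window over sorted timestamps gives the peak burst size per host."""
    per_host = defaultdict(list)
    for r in file_events:
        if r["path"].lower().endswith(ext):
            per_host[r["host"]].append(r["ts"])
    flagged = {}
    for host, times in per_host.items():
        times.sort()
        peak, j = 0, 0
        for i, start in enumerate(times):
            while j < len(times) and times[j] - start <= window:
                j += 1
            peak = max(peak, j - i)
        if peak >= min_files:
            flagged[host] = peak
    return flagged


def run_detections():
    """Run both detections over the constructed logs and return the alerts."""
    logons = parse_csv_log(LOGON_LOG, ("ts", "account", "logon_type", "source_ip", "target_host"))
    files = parse_csv_log(FILE_LOG, ("ts", "host", "path"))
    return {
        "credential_reuse": detect_credential_reuse(logons),
        "mass_rename": detect_mass_rename(files),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(name, hits or "no alerts")
```

On the sample data the credential-reuse rule fires for the backup service account only, and the rename rule fires for the file server only; the single .nba file on the workstation stays below the threshold. In production the same logic would run over real 4624 and file-creation events from a SIEM, with the window and threshold tuned to the environment's normal admin activity.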